In this video, we cover Lab #2 in the Authentication module of the Web Security Academy. This lab's two-factor authentication can be bypassed. You have already obtained a valid username and password, but do not have access to the user's 2FA verification code. To solve the lab, we access Carlos's account page.

Your credentials: wiener:peter
Victim's credentials carlos:montoya

▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: https://academy.ranakhalil.com/p/web-...

▬ 📚 Contents of this video 📚 ▬▬▬▬▬▬▬▬▬▬
00:00​​​ - Introduction
00:12 - Web Security Academy Course (https://bit.ly/30LWAtE)
01:23 - Navigation to the exercise
01:52 - Understand the exercise and make notes about what is required to solve it
02:35 - Exploit the lab
05:12 - Script the exploit in Python
12:45 - Summary
12:57 - Thank You

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Python script: https://github.com/rkhal101/Web-Secur...
Notes.txt document: https://github.com/rkhal101/Web-Secur...
Web Security Academy Lab Exercise: https://portswigger.net/web-security/...
Rana's Twitter account:   / rana__khalil